Description

Damn this weird boss. He doesn't let me use keys longer than 2 characters?
How am i supposed to make anything secure with 2 byte keys?
I know i know, i'll just encrypt everything 4 times with different keys, so its 8 characters! Im a genius!

Here is your message: NeNpX4+pu2elWP+R2VK78Dp0gbCZPeROsfsuWY1Knm85/4BPwpBNmClPjc3xA284
And here is your flag: N2YxBndWO0qd8EwVeZYDVNYTaCzcI7jq7Zc3wRzrlyUdBEzbAx997zAOZi/bLinVj3bKfOniRzmjPgLsygzVzA==

Author: Ignis

In this crypto challenge, we were given a python script containing an AES CBC implementation that used only 2 bytes of security for each key.

The keys were generated in the format:

2 random lower/upper case letters or numbers + 14 null bytes

For example:

\x34\x67\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

In the python script, there was the corresponding plaintext of the encrypted message that we were given in the challenge description.

Message:

b"Its dangerous to solve alone, take this" + b"\x00"*9

Ciphertext:

NeNpX4+pu2elWP+R2VK78Dp0gbCZPeROsfsuWY1Knm85/4BPwpBNmClPjc3xA284

Working

Message ➡️ AES Encrypt (key1) ➡️ AES Encrypt (key2) ➡️ AES Encrypt (key3) ➡️ AES Encrypt (key4) ➡️ Ciphertext

Encryption used

The keys’ two random bytes were picked using this alphabet.

>>> alphabet = string.ascii_lowercase + string.ascii_uppercase + string.digits
>>> len(alphabet)
62

Bruteforcing a single key meant trying different combinations.

So normally bruteforcing all the 4 keys would have taken tries.

Solution

Instead of normally bruteforcing the keys we can bruteforce all the first two encryptions combinations and then all the last two decryptions combinations. By doing this we drastically reduce the computational difficulty of the problem from to combinations to try.

After writing this python script, we generated all the possible keys and calculated all the possible first two encryptions on the plain message:

Message➡️ AES Encrypt (key1) ➡️ AES Encrypt (key2) ➡️ sometext

And all the possible last two decryptions on the ciphertext:

Ciphertext➡️ AES Decrypt (key4) ➡️ AES Decrypt (key3) ➡️ sometext

After finding a corresponding texts pair, we have successfully found the keys used to encrypt the original message.

After using the 4 recovered keys to decrypt the flag we get:

ijctf{sp4ce_T1me_Tr4d3off_is_c00l_but_crYpt0_1s_c00l3r_abcdefgh}

Participants

image
@bonfee@timmykill@Centottanta